EPM Permission

[Ranki]

Hi,

I got a quick question. Why is that in Admin --> manage
users page. In permisison setting, both Allow and Deny is
selectable ?

Can anybody please explain ?

Thanks in Advance

 

[Dale Howard [MVP]]

Ranki --

The reason that checkboxes are used (which allow both choices) rather than
radio buttons (which allow only a single choice) is because there must be
the option of having NEITHER checkbox selected (rather than both checkboxes
selected). Permissions in PWA have one of three possible states:

Allow (Allow is checked)
Not Allowed (Both Allow and Deny are not checked)
Deny (Deny is checked)

Hope this helps.

 

[Ranki]

Dale :

Thanks for the explanation. I need few more clarification.

Does not the second state equal to Deny ["Not Allowed
(Both Allow and Deny are not checked)"] ? How different is
Not Allowed from Deny ?

What is the state, if both Allow & Deny Checked ?

Regards

 

[Ranki]

Dale :

Thanks for the explanation. I need few more clarification.

Does not the second state equal to Deny ["Not Allowed
(Both Allow and Deny are not checked)"] ? How different is
Not Allowed from Deny ?

What is the state, if both Allow & Deny Checked ?

Regards

 

[Alexey Simonenko]

Study http://www.microsoft.com/technet/prodtechnol/office/proj2003/reskit/admingd.mspx - Chapter1 - section "understanding PS security

----- Ranki wrote: ----

Dale

Thanks for the explanation. I need few more clarification

Does not the second state equal to Deny ["Not Allowed
(Both Allow and Deny are not checked)"] ? How different is
Not Allowed from Deny

What is the state, if both Allow & Deny Checked

Regard

-----Original Message----
Ranki -

The reason that checkboxes are used (which allow both

choices) rather tha
radio buttons (which allow only a single choice) is because there must b
the option of having NEITHER checkbox selected (rather than both checkboxe
selected). Permissions in PWA have one of three possible states

Allow (Allow is checked

Not Allowed (Both Allow and Deny are not checked
Deny (Deny is checked

Hope this helps
--

Dale A. Howard [MVP
Enterprise Project Trainer/Consultan
http://www.msprojectexperts.co
"We wrote the book on Project Server

 

[Dale Howard [MVP]]

Ranki --

No. Now Allowed is different than Denied. They behave differently when the
system determines the cumulative permission for a user is a part of multiple
Groups or Categories. In order of precedence from strongest to weakest, the
permissions are:

1. Denied
2. Allowed
3. Not Allowed

For example, suppose that a user is a part of two Groups called Group1 and
Group 2. Suppose also that there is a permission that the Project Server
has set as follows in each Group. The system will determine the cumulative
permission across the two Groups as follows:

Group 1 Permission Not Allowed Not Allowed Allowed

Group 2 Permission Allowed Denied
Denied

Cumulative Permission Allowed Denied
Denied



Notice that in all cases the Allowed permission "trumps" the Not Allowed
permission, and the Denied permission "trumps" both of them. Hope this
helps.

Dale :

Thanks for the explanation. I need few more clarification.

Does not the second state equal to Deny ["Not Allowed
(Both Allow and Deny are not checked)"] ? How different is
Not Allowed from Deny ?

What is the state, if both Allow & Deny Checked ?

Regards

-----Original Message-----
Ranki --

The reason that checkboxes are used (which allow both choices) rather than
radio buttons (which allow only a single choice) is because there must be
the option of having NEITHER checkbox selected (rather than both checkboxes
selected). Permissions in PWA have one of three possible states:

Allow (Allow is checked)
Not Allowed (Both Allow and Deny are not checked)
Deny (Deny is checked)

Hope this helps.







.

 

[Gary L. Chefetz \(MVP\)]

Ranki:

If you're familiar with three value logic in databases, this might make more
sense: There's a precence to permissions. Deny trumps all, Allow trumps Not
allowed and Not Allowed, is the implicit state if neither Deny nor Allow is
explicitly selected.

Keep in mind that permissions are cumulative. You can be not allowed as a
member of one group but allowed as a member of another. In this case you
have permission to take the action. Similarly, you can be Allowed to do
something as a member of five groups, but if you're a member of one group
that has the permission denied, you're locked out. Remember "cumulative" and
"order of precedence" and you'll do just fine crafting your security matrix.

--

Gary L. Chefetz, MVP
"We wrote the book on Project Server
http://www.msprojectexperts

-

Dale :

Thanks for the explanation. I need few more clarification.

Does not the second state equal to Deny ["Not Allowed
(Both Allow and Deny are not checked)"] ? How different is
Not Allowed from Deny ?

What is the state, if both Allow & Deny Checked ?

Regards

-----Original Message-----
Ranki --

The reason that checkboxes are used (which allow both choices) rather than
radio buttons (which allow only a single choice) is because there must be
the option of having NEITHER checkbox selected (rather than both checkboxes
selected). Permissions in PWA have one of three possible states:

Allow (Allow is checked)
Not Allowed (Both Allow and Deny are not checked)
Deny (Deny is checked)

Hope this helps.







.